← Back

CVE-2026-0528

nvd nist
Published: Jan 13, 2026Modified: Jan 22, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Improper Validation of Array Index (CWE-129) exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input Validation (CWE-20) exists in the Prometheus helper module that can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed metric data.

Affected (4)

Products: Elastic: Kibana
Elastic
1 product
Kibana
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Elastic
Kibana
From 7.0.0 to 7.17.29
Kibana
From 8.0.0 to 8.19.10
Kibana
From 9.0.0 to 9.1.10
Kibana
From 9.2.0 to 9.2.4

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (1)

Source: security@elastic.co
Vendor Advisory

Timeline

No history available yet.